Groups

Coming Soon

Groups are under active development and will be available in a future release.

When your team grows beyond a handful of people, assigning policies to individuals doesn’t scale. Groups let you say “the Southeast team sees Southeast data” and then add or remove team members without touching any policies.

How groups work

A group is a named collection of users. You create a group, add members, and then assign policies to the group instead of (or in addition to) individual users.

When a user belongs to a group, they inherit all of the group’s policies. If the group has an access policy for region = SE, every member of that group sees only Southeast data — automatically.

Flat, not hierarchical

Groups in Querri are flat. There are no parent groups, child groups, or nested hierarchies. This is intentional — hierarchical groups add complexity that most organizations don’t need.

Need a user to have both regional and departmental access? Add them to both groups. A user in the “Southeast” group and the “Sales” group gets both sets of filters composed together — Southeast rows that are also in Sales.

Multiple groups compose naturally

Policies from different groups combine the same way as individual policies: same column = OR, different columns = AND. A user in the “Southeast” group and the “Northeast” group sees data from both regions.

Managing groups

Creating a group

1. Go to Settings > Security > Groups
2. Click Create Group
3. Give the group a descriptive name (e.g., “Southeast Sales Team”, “Finance Department”)
4. Add members by searching for users

Assigning policies

Assign policies to groups the same way you assign them to users:

1. Open a policy from Settings > Security > Access Policies
2. Click Add Groups
3. Select the groups that should have this policy

How resolution works

When Querri determines what a user can see, it collects policies from two sources:

1. Direct policies — policies assigned directly to the user
2. Group policies — policies from every group the user belongs to

All policies merge together using the same composition rules: same column = OR, different columns = AND. There’s no priority or override — group policies and direct policies are treated equally.

Common patterns

Regional teams: Create groups for each region. Assign a region-based access policy to each group. New hires get added to their region’s group — they immediately see the right data.

Departments: Create groups for Sales, Marketing, Finance. Each group gets policies appropriate to their data access needs.

Temporary access: Add a user to a group for a project, then remove them when it’s done. No policies to create or clean up.

Next steps

• Access Policies — The policies you assign to groups
• Workspaces — Governance boundaries between departments
• Admin Controls — Organization-wide settings